VUE Point The latest news, innovations, and technology
Q2 2019

The Global VUE

Ask our expert: What’s new in online proctoring?

To welcome you to our second edition of the new VUE Point newsletter, which brings you exciting content on security and new technologies in computer-based testing, we’d like to introduce you to Peter Pascale.

With nearly two decades of experience in the assessment industry, Peter has unique insights into the ever-changing technological landscape and its impact on CBT.

1. What’s your role at Pearson VUE? What’s your history at Pearson VUE?

I’m the Vice President of Product and Strategy, and I’ve worked for Pearson VUE for 19 years. I spent about eight or nine years as a software developer, writing a lot of code for the systems that support exam programs and candidates. I like to say that I wrote a little bit of code, but most of the bugs, too.

A few years later I began leading technology and later product strategy. Today, my teams are responsible for incorporating customer feedback into our existing products; working with our development teams on new features and enhancements; and anticipating what our future customers and markets will need in the long term.

2. What’s your particular area of expertise or interest in the testing industry?

With my background, it should be no surprise that I’m fascinated with how technology can improve all aspects of the assessment experience. I know that technology has a lot to offer our testing programs and candidates in terms of leading to better candidate experiences in the registration and check-in processes, new types of testing, and exciting test designs like performance-based testing.

My team and I also monitor general trends in education and workforce development so that we understand the ways in which assessment can stay relevant.

3. Pearson VUE recently launched OnVUE, its new online proctoring offering. What was your role in this project?

OnVUE has a dedicated team that functions a little bit like a startup. Like the business owner of a startup, my role in launching OnVUE was doing a little bit of everything and a lot of doing whatever it takes to move the ball forward. Some days, that means talking to customers about new ways they might use online proctoring so we can incorporate their perspectives into further development of OnVUE. The next day, I might be helping the team assess options for how to solve a difficult technical problem.

4. Why did the product team reimagine and prioritize work on Pearson VUE’s online proctoring offering?

Our senior executives came to us with a challenge: “What does it take to be the industry leader in online proctoring?” We presented a plan for a product that would create the best candidate experience in online proctoring while still providing oversight through proctors. With OnVUE, we’ve completely rebuilt the candidate experience. This lets us leverage the latest in technology and UX design to remove friction and create the type of experience and interaction that candidates expect from modern software. Everything in the candidate experience in OnVUE is brand new, and it’s a platform on which we can add all sorts of interesting enhancements and features moving forward.

5. What do you hope this new product accomplishes for clients who use online proctoring?

Ultimately, our goal at Pearson VUE is to help our clients assess their candidates wherever they are while meeting the unique needs of that candidate population and exam program. With OnVUE, we’re introducing a better online proctoring solution that our clients can utilize alongside the world’s largest test center network and industry-leading company-owned test centers.

Customers shouldn’t have to choose between the best online proctoring solution and all the other computer-based testing delivery models. Pearson VUE can provide the delivery model to meet the needs of whatever candidate population needs our clients want to reach.

6. Describe why OnVUE is an exciting development compared to the way online exams were delivered in the past.

With OnVUE, we’ve removed the requirement of admin rights and a complex installation. Candidates can simply download and test. We are really trying to remove the friction that gets in the way of the candidate proving their knowledge or skills. When you’re already nervous about your exam, you don’t want to struggle with getting the technology to work. You just want a seamless experience, and OnVUE accomplishes that.

OnVUE also incorporates self check-in capabilities, which let us verify a candidate’s identity and their testing environment using artificial intelligence and government ID verification tools, minimizing the time it takes to start an exam while maintaining oversight processes.

7. What should a program consider when thinking about using online proctoring?

In general, we always advise programs to understand the security levels and risks associated with different delivery models, whether it’s test center delivery, online proctoring, or client proctored delivery. We typically talk about this in terms of balancing control and access as well as security and flexibility. Ultimately, our team at VUE works to help clients understand how to manage risk based on the specific test, candidate, and risk profiles involved in their program.

More specifically to OP, we advise our client programs to educate their candidates or membership about the nature of a “bring your own device” model. We truly believe OnVUE makes it easier than ever for candidates to take exams from anywhere, but it’s important that candidates understand their responsibility for their machines and technology on test day during an online proctored exam. We provide support and tools so that we can minimize technology questions or issues through shared education.

8. What do you see as the future of online proctoring? What changes do you foresee in the computer-based testing industry in general?

In terms of the future of online proctoring, I see a lot of potential for the ways in which artificial intelligence can improve the quality and security of the online proctoring experience in two ways.

First, it lets us leverage machine learning to augment our proctor’s own capabilities to monitor an online proctoring session. Second, AI helps us look at broader patterns across exam deliveries and incorporate facts we know about the exam session beyond what we’re observing through the video of the OP session.

In general, I think AI brings new tools to verify candidates’ abilities and ensure the integrity of the exam experience across the testing industry as a whole.

For most of our candidates, the best outcome from any assessment experience is getting a job, keeping a job, or getting a better job. With an increased emphasis on employability and skills development, I see a bright future for certification and credentialing. The need to verify skills and knowledge will only grow.

Insights & Innovations

What’s the IQ of your AI?

You’ve probably heard a lot of talk these days about the amazing powers of artificial intelligence, but the reality is that AI is not always as advanced as you’re led to believe.

Anyone with a smart speaker has likely heard this response: “I am sorry. I don’t know how to help you with that”. This highlights the fact that many artificial intelligence uses right now are little more than a clever implementation of pattern matching and, while this can be used in very powerful ways, it's not ready to stand alone yet in many instances. We bring this to light to better explain how and where AI can be used most effectively.

Let’s bring this discussion to the testing industry. We know that AI can do pattern matching pretty well. That means AI could identify what’s contained in a picture, such as an ID or a headshot, and extract information, such as a name and expiration date. AI can also look for known markers and identifiers inserted for security purposes that indicate a fraudulent identification.

More specifically, during an online proctored exam, artificial intelligence can identify a variety of indicators, enhancing the ability of the human proctor who’s observing the test in real time. It can tell us whether the person sitting at the computer is the same person who appears on the ID, spot forbidden objects, listen for noises, and make sure there’s only one human behind the keyboard.

But let’s be clear: none of these actions are decisions or judgments. While AI succeeds at verifying valuable information, it’s not making judgment decisions based on human experience or instinct. The computer is not ready to answer the most important questions we ask of our test proctors, such as “Should I stop this test? Is this person cheating?”

When Pearson VUE was designing OnVUE, our reimagined online proctoring solution, we wanted to offer the best of what humans offer and the best of what new technology offers. We think the best use of AI is to assist human decision making. While in its current form, AI is not ready to replace humans in making judgment decisions, it can offer signals to human proctors to make them even more effective during an online exam. We call this Proctor Augmentation.

Our goal with OnVUE online proctoring is to give more people access to more opportunities through certification — and online exams have the ability to remove any barriers that might prevent candidates from testing. With the inclusion of AI, OnVUE is 100% automated, offering a significantly improved user experience to the candidate. At the same time, OnVUE offers strengthened protection for our clients, leveraging AI to augment the ability of humans to make tough decisions while filling in the gaps humans might miss. After all, the computer never blinks.

The Secure Testing Framework™: Build a security foundation you can count on

Test security is not a one size fits all solution. Securing your exam content means something different to your psychometricians, operations team, security team, and executives in your organization.

Today’s security dynamic of constant threat is here to stay, and while you should take a multifaceted approach to protecting your exam program, the core concepts of test security should remain simple. That’s where our Secure Testing Framework™ comes in.

At the core of the framework is protecting our clients’ intellectual property and their candidates’ information. From business continuity and data privacy to internal audits and risk management, the center of the framework represents Pearson VUE’s commitment to maintaining a broad range of accreditations in infosec, quality, and privacy standards to protect the integrity of our clients’ exam programs. The outer ring introduces four other key domains that must be cared for to ensure test security: test design, delivery strategy, candidate experience, and risk management practices.

secure testing framework infographic

Let’s walk through a hypothetical decision-making process to see how the Secure Testing Framework helps you make thoughtful decisions about where and how to protect your program.

Test design: You’ve decided to use a linear fixed-form test design with multiple choice items. You plan to update the exam content only four times a year. What are the risks associated with a linear fixed-form exam versus a different test design, such as CAT or LOFT? How will this decision impact the other elements of the Secure Testing Framework?

Delivery strategy: You want to reach as many candidates as possible, so you’ve chosen Pearson VUE’s extensive third-party test center channel as well as OnVUE online proctoring. In choosing a broader channel for delivery, you must consider the level of control over the consistency of the test experience you’ll have. Are you okay delivering your exam without additional security measures, like palm vein and biometric screening and overhead video monitoring during testing?

Candidate experience: With the broad delivery channel you’ve chosen, consider any implications on the security of the candidate experience. For example, what retake policy will you implement? The retake policy will have direct implications for protecting your exam content from item harvesters and preventing giving candidates an unfair advantage if they’re able to retake the test too frequently. However, you must also consider the difficulty of re-testing for those individuals in remote areas of the world.

Risk management practices: The decisions you make under the previous three domains will always lead to at least some level of risk. You understand both the benefits and risks associated with your decision to offer a fixed linear exam distributed through a broad channel to a global candidate demographic. You’ll experience the benefits of a broad delivery channel to reach candidates across the globe, but with exam content updated only four times a year, you open yourself up to some level of risk with item exposure. Could you implement web monitoring and other security analytics to detect any abnormal testing behaviors, like constant rescheduling, high score jumps, or low time and low score events, that might indicate a security risk?

Questions? Reach out to your program manager to discuss how the Secure Testing Framework™ can help you bolster your exam security policies.

Making it Happen

Four smart test security practices to implement right now

Test security is a broad, nuanced topic — and one that’s constantly evolving. As a test sponsor, you know you need to protect the integrity of and investment in your exam content and program. But where to start?

We’ve identified four actions you can take right now to secure your exam program.

 

  1. Protect your data — everywhere.
    This seems like an obvious starting point, but while well intended, we find that test owners sometimes do not plan for the entire lifecycle of their candidate’s data or their exam content. While we protect your data for you while it’s within our purview, you also need to ensure that you’re protecting the whole lifecycle of your candidate’s data. For example, if you send your exam content and candidate data to third parties for exam development, psychometric evaluation, or translation, be sure to do your due diligence to ensure that they are processing that data in a secure fashion. Require them to encrypt emails, follow local and international data protection standards like ISO 27001 and NIST, and comply with regional laws, like GDPR.
  2. Expand your approach to exam content design.
    You may be wondering what your plan for exam content and design has to do with test security. In fact, it’s one of the best strategies to combat exposure of test items. A smart investment to consider is developing additional content up front. Additional items will increase your test security by giving more longevity to your content, reducing the likelihood that a candidate will see the same item or a previously exposed item. In fact, the recommended number of test items should be about twice the number currently in a live or active exam. Take this proactive content approach to exam design, which will have positive ripple effects for the long-term security of your test.
  3. Develop — and use — a security plan.
    Don’t ignore this basic but critical action for test security. Spend the time to develop a thorough security plan, which will help you keep your finger on the pulse for potential threats as well as react in a timely manner in the event of an incident. A security plan defines your preferences on questions like: What should I do if my exam content appears online? When should I revoke a candidate’s score? When should I ban a candidate? How do we want to respond to a security incident during an online exam versus in a test center? Having a living, breathing security plan in place ensures that your team is on the same page with regard to test program policies and procedures, helping you to anticipate and manage an incident more effectively.
  4. Monitor your brand and intellectual property actively.
    Test security isn’t just about protecting candidate data and behavior and test items — it’s about protecting your brand as a whole. Web monitoring is a relatively affordable and easy way to protect your brand’s — and your credential’s — reputation as a leader in your space. While web monitoring is just one component of a wider test security plan, we know that candidates can be vocal about their exam experiences online. If a candidate posts commentary about a specific test item on social media, web monitoring will alert you about this immediately, helping you confront not only the item exposure but also any public relations concerns surrounding the candidate’s commentary. We’re continually advancing our web monitoring offering, expanding to new international sources and providing better dashboards and data visualizations.

    As you consider these four best practices to protect your exam program, remember that your team at Pearson VUE can answer your questions about developing a nuanced and thoughtful security plan at any time.

 

In the Spotlight

Putting it into practice: The National Center for Assessment's security techniques

Across the world, exam providers face security challenges in all aspects of their program, from test design to the candidate experience.

As a result, organizations work hard to have a security plan in place to maintain the fairness and integrity of their certifications. We now know what protocols should be in place, but what does it look like in practice?

The National Center for Assessment in Saudi Arabia was the first professional government organization in the Middle East to develop and provide assessment services, including mostly university admissions as well as other professional exams in engineering and accounting. Since its launch more than 18 years ago, the center has achieved many outstanding accomplishments in preparing and formulating testing standards in various educational and professional fields.

With testing sites ranging from the largest Pearson VUE® Authorized Test Center in the world (180 seats!) to mobile testing sites situated in top-of-the-range, high-tech truck-trailers, the NCA has implemented cutting-edge technology to maintain global standards and security across its channel of test centers. Here’s how they did it:

Detecting proxy testers
When a candidate enters a test center, the test center administrators verify and compare their photograph ID, signature, and handwriting with stored data, as well as conduct palm vein analysis. In partnership with the Interior Ministry, NCA also conducts fingerprint verification, which highlights any discrepancies in candidate identity verification within minutes during check in.

Preventing content exposure
Understanding the value of their question bank, NCA uses a range of measures to minimize the chances of a content leak. Along with standard security procedures like having candidates lock their personal items, NCA also invests in regular updates to their question bank, and they come down hard on organizations that try to harvest questions.

Maximizing network and system security
NCA reduced the number of available networks by linking all test centers in Saudi Arabia through a single WAN (wide area network), resulting in a system that’s easier to protect from an outside attack. Additionally, NCA routinely runs network vulnerability scans to identify and proactively address potential weak spots to further safeguard their system's security.

Maintaining test administrator credibility
NCA has chosen to hire all employees themselves, and their proctors are classified as permanent employees. As a result, they have no third-party test centers within Saudi Arabia, giving them a greater level of control over the delivery of their exams. To further reduce the chances of rule violation, each test center has a number of certified test administrators on staff, and the site’s cameras are linked to their head office in order to monitor quality.

In conclusion, NCA leverages the established best practices for test security in Pearson VUE® Authorized Test Centers while also benefiting from additional security measures they’ve implemented to protect their exam program. They represent a great example of how clients can develop their own security plan to supplement the protection of their credentials.

Trust extended: Introducing vendor assurance and compliance

Because we’re committed to providing our testing services at the highest levels you’ve come to expect, we ensure the prospective vendors we work with will be held to the same standards of service and security.

With our strict Vendor Assurance and Compliance procedure in place, we’ve built a reliable ecosystem to conduct business around the globe to extend the high service we provide to our clients and their candidates.

Our procedure defines the requirements for working with third parties from selection through to exit and ensuring that they adhere to our certified management systems (ISO 9001, ISO 27001, ISO 22301) as well as Pearson Group policies.

Before we engage these vendors, we put them through a rigorous series of checks and balances:

 

  1. Health and safety: are they abiding by the appropriate rules and regulations?
  2. Legal performance: are they operating in a sanctioned country?
  3. Security: Will they have access to our systems and your candidate data and test content?
  4. Finance: do they adhere to anti-bribery and corruption policies?
  5. Data protection: are they managing data correctly and legally?

 

Any potential vendors must pass all of these initial checks before joining our ecosystem, and we continue to monitor, audit, and categorize their business activities and processes annually or whenever there are changes to their services to ensure continued accuracy and security.

While vendor assurance seems like a simple internal process, it’s critical to maintaining the best service for your program across the globe and it’s a key part of our wider security strategy to protect your exam program and content.